Remote Signing

A cloud signing solution lets users digitally sign documents without the need for locally installed digital signatures by relying on the services of a cloud-hosted signing service.

The user’s digital signing key may also be located in the cloud for complete mobility, i.e. a user being able to sign from any internet-connected device (iPad, mobile phones, any laptop etc.). Typically this means all user keys are held in a secure Hardware Security Module (HSM) located centrally or via encrypted database.

An alternatively use case is where the user must sign via a Secure Signature Creation Device (SSCD) e.g. a secure smartcard or USB token. Even then a cloud service can still be utilised. The cloud signing service can send the document/transaction to the SSCD for local signing. In this scenario the user must have installed the local drivers for the SSCD and have a smartcard reader connected.

Ascertia can offer both its ADSS Server (in particular its Go>Sign Service module) as well SigningHub as cloud hosted signing service. See below for further details.

SOLUTION DESCRIPTION

Ascertia caters for cloud signatures in two different ways. The main difference is whether a simple signing/verification capability is required or a complete document workflow solution which can transfer the document to multiple signers as part of a review and approval cycle:

SigningHub

SigningHub.com is our public cloud-hosted instance of the SigningHub product. The product can be licensed for in-house or private cloud service. For full details of this cloud-signing service visit SigningHub.com. Note SigningHub can cater for both server-side signing, local client-side signing (SSCD) or mobile signing. SigningHub provides the ability to workflow the document to multiple users for sign-off purposes and track the document status. Signers are notified via email alerts. SigningHub can be easily integrated within any web application using iFrames.

ADSS Signing Service

In this case individual signatures are produced (i.e. no workflow of the document between multiple parties). The client application can make a web services call to request signing of any document/transaction using PDF, XML, CMS/PKCS#7, PAdES, CAdES or XAdES signatures. The signing key can be held on the server or locally by the user in which case the ADSS Go>Sign Desktop application will be used to interface with the user’s SSCD.

WHY ASCERTIA?

There are very good reasons for choosing Ascertia for cloud signing

Multiple Signature Formats

Ascertia’s products offer the widest support for digital signature formats and standards and the greatest flexibility in how to implement these. Whether it’s PDF, XML, PKCS#7, CMS, S/MIME or PKCS#1 signatures we can sign your business document or transaction.

Long-Term Digital Signatures

Ascertia is a clear leader in creating long-term digital signatures which can be verified many years in the future, an essential requirement for most businesses and governments. We support ETSI XAdES and CAdES as well as latest PAdES (PDF format) profiles.

Multiple Signing in Options

Different applications have different needs for how digital signatures are created. Some require server-side signing with mobile used only for OTP authentication. Others require mobile signing to be done in mobile devices using certified tamper-resistant hardware chips whilst others even want soft keys managed by the mobile app. Ascertia can offer solutions within any of these methods.

PKI Components

Digital signature creation is only one part of the solution for mobile signing – there are also requirements for signature verification, trust anchor management, key management, certification, real-time certificate validation, time-stamping and secure long-term archiving. ADSS Server is unique in being able to address all these requirements in our multi-function ADSS server. All these services are based on leading industry standards including OASIS DSS & DSS/X (signing, verification and encryption), RFC 3161 (timestamping), IETF LTANS (archiving), RFC 6960 (OCSP validation), RFC 5055 (SCVP validation).